The Research And Application Of Distributed Intrusion Detection System Based On Snort

Posted on: 2011-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: X L Zhao
GTID: 2178330338989844
Subject: Computer technology

Abstract/Summary:
With the rapid development and extensive application of computer network technology in various fields of society, the network security problem is becoming more and more prominent and has become a major issue for national security and people's livelihood. As an active information protection technology, intrusion detection is an effective complement to traditional security protection technologies such as firewalls. It detects both external and internal intrusion behavior, and it can also discover misuse in real time. Intrusion detection technology greatly improves the security and the depth of the network security system, and it is one of the main directions of development in network security.

Motivated by the needs of future information warfare, this paper studies the Snort IDS, aiming to improve its matching algorithm and its application. The paper's major work is as follows:

1. Studied the basic theory of intrusion detection, including the general process of intrusion detection, the classification of intrusion detection systems, and the fundamentals of distributed intrusion detection systems; in addition, analyzed the structure of Snort, its work process, the processing of Snort rules, and so on.

2. Researched the mainstream matching algorithms in depth, such as the BM algorithm, the BMH algorithm and the Sunday algorithm. Based on a detailed analysis of the existing algorithms, an improved algorithm, named the I_BMH algorithm, is presented. This algorithm combines the advantages of the above-mentioned algorithms. The shift is determined by the last matching text character and the character following it, which greatly increases the probability of the largest right shift, m+1. According to the results of the experiment, this algorithm clearly improves the efficiency of pattern matching.

3. Designed a distributed intrusion detection system based on Snort for application in a military network. This system uses a three-tier cascaded structure: Snort sensors are deployed in every company to collect alarm information comprehensively from every source; database servers are deployed at battalions, receiving alarm information and providing management services; at the group level, an analysis console produces higher-level warning information by integrating the separate alarms coming from the lower levels. Furthermore, it provides a comprehensive view of network security incidents, which supports leaders' decision analysis.
Keywords/Search Tags:Intrusion Detection, Snort, Pattern Matching Algorithm, Distributed Intrusion Detection System